User no longer must authenticate twice in authentication
chain

Consider the following scenario. A site configures an authentication
chain with three LDAP modules. All modules are set to SUFFICIENT,
and both the iplanet-am-auth-shared-state-enabled and iplanet-am-auth-store-shared-state-enabled options are set to true. For example:

Patch 5 adds the new iplanet-am-auth-shared-state-behavior-pattern option to the module options with two possible values: tryFirstPass (default) and useFirstPass.

To prevent a user from having to enter the user ID and password twice
to get authenticated (as described in the previous scenario), set this new
option to useFirstPass for all modules in the chain. Previously,
a user who existed only in the third LDAP instance was required to enter a
user ID and password twice to get authenticated.